Zendesk request override get tasks

CHANGELOG.md

@@ -23,6 +23,7 @@ The types of changes are:
 
 ### Changed
 - Added a security setting that must be set to true to enable the access request download feature [#5451](https://github.com/ethyca/fides/pull/5451)
+- Preventing erasures for the Zendesk integration if there are any open tickets [#5429](https://github.com/ethyca/fides/pull/5429)
 
 ### Developer Experience
 - Added Carbon Icons to FidesUI [#5416](https://github.com/ethyca/fides/pull/5416)

src/fides/api/service/saas_request/override_implementations/zendesk_request_overrides.py

@@ -0,0 +1,72 @@
+from typing import Any, Dict, List
+from urllib import parse
+from urllib.parse import urlsplit
+
+import pydash
+
+from fides.api.common_exceptions import FidesopsException
+from fides.api.graph.traversal import TraversalNode
+from fides.api.models.policy import Policy
+from fides.api.models.privacy_request import PrivacyRequest
+from fides.api.schemas.policy import ActionType
+from fides.api.schemas.saas.shared_schemas import HTTPMethod, SaaSRequestParams
+from fides.api.service.connectors.saas.authenticated_client import AuthenticatedClient
+from fides.api.service.saas_request.saas_request_override_factory import (
+    SaaSRequestType,
+    register,
+)
+from fides.api.util.collection_util import Row
+
+
+def _check_tickets(tickets: List[Row], policy: Policy) -> None:
+    """
+    Raises an exception if there are any "open" tickets to halt the privacy request.
+    Will only halt if the policy contains an erasure action.
+    """
+    if policy.get_rules_for_action(action_type=ActionType.erasure):
+        for ticket in tickets:
+            if ticket["status"] != "closed":
+                raise FidesopsException("User still has open tickets, halting request")
+
+
+@register("zendesk_tickets_read", [SaaSRequestType.READ])
+def zendesk_tickets_read(
+    client: AuthenticatedClient,
+    node: TraversalNode,
+    policy: Policy,
+    privacy_request: PrivacyRequest,
+    input_data: Dict[str, List[Any]],
+    secrets: Dict[str, Any],
+) -> List[Row]:
+
+    processed_data: List[Row] = []
+
+    for user_id in input_data.get("user_id", []):
+        # initial request using user_id
+        response = client.send(
+            SaaSRequestParams(
+                method=HTTPMethod.GET,
+                path=f"/api/v2/users/{user_id}/tickets/requested.json",
+                query_params={"page[size]": 100},
+            )
+        )
+
+        tickets = pydash.get(response.json(), "tickets")
+        _check_tickets(tickets, policy)
+        processed_data.extend(tickets)
+
+        # paginate using links.next and check each page of tickets for a chance to terminate the request early
+        while pydash.get(response.json(), "links.next"):
+            next_link = response.json()["links"]["next"]
+            response = client.send(
+                SaaSRequestParams(
+                    method=HTTPMethod.GET,
+                    path=urlsplit(next_link).path,
+                    query_params=dict(parse.parse_qsl(urlsplit(next_link).query)),
+                )
+            )
+            tickets = pydash.get(response.json(), "tickets")
+            _check_tickets(tickets, policy)
+            processed_data.extend(tickets)
+
+    return processed_data

tests/fixtures/saas/zendesk_fixtures.py

@@ -40,7 +40,7 @@ def zendesk_erasure_identity_email() -> str:
 class ZendeskClient:
     def __init__(self, secrets: Dict[str, Any]):
         self.base_url = f"https://{secrets['domain']}"
-        self.auth = secrets["username"], secrets["api_key"]
+        self.auth = secrets["username"] , secrets["api_key"]
 
     def create_user(self, email):
         return requests.post(
@@ -62,20 +62,34 @@ def get_user(self, email):
             params={"email": email},
         )
 
-    def create_ticket(self, user_id: str):
-        return requests.post(
-            url=f"{self.base_url}/api/v2/tickets",
-            auth=self.auth,
-            json={
+    def create_ticket(self, user_id: str, closed: bool):
+        if closed:
+            json = {
                 "ticket": {
                     "comment": {"body": "Test Comment"},
                     "priority": "urgent",
                     "subject": "Test Ticket",
                     "requester_id": user_id,
                     "submitter_id": user_id,
                     "description": "Test Description",
+                    "status": "closed",
                 }
-            },
+            }
+        else:
+            json = {
+                "ticket": {
+                    "comment": {"body": "Test Comment"},
+                    "priority": "urgent",
+                    "subject": "Test Ticket",
+                    "requester_id": user_id,
+                    "submitter_id": user_id,
+                    "description": "Test Description",
+                }
+            }
+        return requests.post(
+            url=f"{self.base_url}/api/v2/tickets",
+            auth=self.auth,
+            json=json,
         )
 
     def get_ticket(self, ticket_id: str):
@@ -101,7 +115,24 @@ def zendesk_erasure_data(
     user = response.json()["user"]
 
     # ticket
-    response = zendesk_client.create_ticket(user["id"])
+    response = zendesk_client.create_ticket(user["id"], True)
+    assert response.ok
+    ticket = response.json()["ticket"]
+    yield ticket, user
+
+
+@pytest.fixture
+def zendesk_erasure_data_with_open_comments(
+    zendesk_client: ZendeskClient,
+    zendesk_erasure_identity_email: str,
+) -> Generator:
+    # customer
+    response = zendesk_client.create_user(zendesk_erasure_identity_email)
+    assert response.ok
+    user = response.json()["user"]
+
+    # ticket
+    response = zendesk_client.create_ticket(user["id"], False)
     assert response.ok
     ticket = response.json()["ticket"]
     yield ticket, user

tests/ops/integration_tests/saas/test_zendesk_task.py

@@ -1,10 +1,11 @@
 import pytest
 
+from fides.api.common_exceptions import FidesopsException
 from fides.api.models.policy import Policy
 from tests.ops.integration_tests.saas.connector_runner import ConnectorRunner
 
 
-@pytest.mark.skip(reason="No active account")
+@pytest.mark.skip(reason="move to plus in progress")
 @pytest.mark.integration_saas
 class TestZendeskConnector:
     def test_connection(self, zendesk_runner: ConnectorRunner):
@@ -87,3 +88,23 @@ async def test_non_strict_erasure_request(
             response = zendesk_client.get_ticket(ticket["id"])
             # Since ticket is deleted, it won't be available so response is 404
             assert response.status_code == 404
+
+    async def test_non_strict_erasure_request_fails_with_open_tickets(
+        self,
+        request,
+        zendesk_runner: ConnectorRunner,
+        policy: Policy,
+        erasure_policy_string_rewrite: Policy,
+        zendesk_erasure_identity_email: str,
+        zendesk_erasure_data_with_open_comments,
+        zendesk_client,
+    ):
+
+        with pytest.raises(
+            FidesopsException, match="User still has open tickets, halting request"
+        ):
+            await zendesk_runner.non_strict_erasure_request(
+                access_policy=policy,
+                erasure_policy=erasure_policy_string_rewrite,
+                identities={"email": zendesk_erasure_identity_email},
+            )